Mobile Phone Use: A Guide for Anti-Violence Organizations

Many shelters and transition houses frequently use mobile phones to communicate with survivors. While mobile phones are ubiquitous and offer convenience and ease of access, cellular devices also raise privacy and safety considerations. As with the use of any type of technology, it is important to have clear policies and procedures to outline proper use to maintain privacy and safety for survivors, staff, and the organization as a whole under the applicable privacy laws.

First, assess the reasons why your staff would be using mobile phones for work. These reasons will be the foundation for policies that address staff mobile phone use. Some common practice reasons include being easily accessible while out of the office, answering crisis calls off-site, and texting with survivors.

Not all employees need a mobile phone for their work and anti-violence workers who have different roles may need a mobile phone for different reasons. The policy should reflect these varying uses. For example, a legal advocate who travels to meet with women at court may need to make phone calls and send text messages to communicate with survivors, while a community outreach worker may need to access online forms and applications and her work email while out of the office meeting with survivors.

Mobile Phone Policy Recommendations

• Organizations should own and manage phones and other mobile devices. If a device is lost or stolen, organizations should have the ability to wipe the device or transfer it to another employee.
• Policies should outline the purpose(s) of mobile phone use for work, and have an individual Mobile Phone Use agreement with each employee.
• Policies should be clear about expectations of staff availability by phone when away from the office to set boundaries that achieve work-life balance.
• The Office of the Privacy Commissioner of Canada recommends that organizations offer organization-owned devices and accounts if they are delivering digital services. Although a significant financial commitment, this practice allows for better staff coordination across shifts and can increase privacy and security for survivors and the organization.

Risks when Anti-Violence Workers Use Their Personal Mobile Phone at Work

Using Personal Devices or Adding Personal Accounts to Work Devices Risks Survivors’ Privacy and Organizational Confidentiality

• Survivors’ contact information could be seen by friends or family both physcially and through call, text and email histories, phone records or disclosed if the device is lost or stolen.
• If evidence is stored on the phone, such as photographs, the phone may be subpoenaed in court proceedings as it holds potentially relevant information.
  or if it is required to be handed over by court order.
• When an anti-violence worker leaves the organization, survivors’ information could be disclosed or inaccessible to the organization.

Benefits for Organization-Issued Mobile Phones

Organization-issued mobile phones enable organizations to better ensure the security of devices, strengthen confidentiality practices, and support a healthy work-life balance for staff.

When organizations own and manage a mobile phone, they can set up and have control over the phone and accounts associated with it. This includes the data on the device as well as data that is in the connected cloud accounts (Google account for an Android phone and iCloud for an iPhone). Staff should not add personal accounts, phone numbers, or apps to a work phone.

If a phone is stolen or lost or if a staff person using the phone leaves, the organization can easily transfer it to another colleague, or wipe the device clean. Owning and having control over mobile devices allows the organization to control the accounts that are connected, apps that are downloaded, and websites visited from the device.

Consider if staff need a mobile phone for their job responsibilities and if so provide the type of mobile phone that would be most appropriate for the support services they provide to survivors.

A variety of mobile phones exists ranging from voice and text-only cell phones to an array of smartphones. The mobile phone can be matched to the type of support provided. For example, if a crisis support worker primarily communicates with children, youth, and parents through phone calls or sending texts, a simple cell phone model may be more appropriate and safer. For staff who plan to use video calls with survivors, smartphones may be preferable. If employees need to travel for work, smartphones that can access apps such as maps or the Internet may be advisable.

Mobile phones should be set up by knowledgeable IT staff for enhanced security and should be checked by IT staff on a regular basis. The checkup should include needed updates, a scan for malware, a check of all installed apps, and any other security concerns. Additionally, you may consider implementing the following basic security measures:

• Passcodes – All phones should require a passcode, password, biometric factor, or other security measure to unlock the phone. Do not use the same passcode for every organization-owned phone. Supervisors or IT staff should have access to the passcodes to unlock the phones in case staff cannot. All phones should automatically lock after a short time when not being used.
• Anti-virus and anti-malware apps – All phones should have anti-virus or anti-malware software or apps installed and updated regularly.
• Remote wiping – Agencies should have the ability to remotely wipe the content of a phone that is lost or stolen.
• Parental controls – Organizations should avoid apps or features that control or monitor an employee’s phone. This same kind of software is often used by stalkers and abusive people.
• Avoid automatically forwarding office voicemail to a phone. If voicemails are forwarded, delete audio recordings, emails, and text messages of survivors’ voicemail messages as soon as they have been listened to.
• Use a secure passcode for voicemail on a mobile phone.
• Do not store survivor appointments in personal calendars. Try to have an appointments-only calendar that is regularly purged and doesn’t include survivors’ identifying information. Consider only referring to survivors on the appointments calendar with an organizational ID number.

Most smartphones require a specific account to be connected to the phone. Generally, iPhones require an iCloud account and Android phones require a Google account. Depending on the type of phone, the manufacturer may also offer an account for the phone to offer different apps, manage security features, or store additional data. While phones connected to a cloud account may back up information from the phone by default, it is best that any personal information about a survivor not be backed up. This may mean turning off the synchronizing of most services and apps.

Recommendations

• Do not use the same cloud account on more than one phone. Doing this will connect all the phones to one account, which means that some information, such as contacts or messages, could be shared across phones.
• Minimize the amount of information synced to cloud accounts, particularly information regarding survivors. Most smartphones and apps allow users to determine which data, if any, is synced to the cloud or other connected devices. Check for and purge any survivor data from the backup regularly. Also, check to make sure that updates to operating systems or apps have not reset these settings.
• Limit who has access to the cloud’s account logs and information. Cloud accounts can reveal personal information about the user of the device, including the location of the phone and even messages sent through the phone.

Phones should not have location sharing or tracking turned on without the informed consent of the employee. Some organizations may want to track the location of an organization-issued phone for the safety of the worker or to locate a lost device.

If using location services for apps (such as Maps), anti-violence workers should understand the benefits and risks of using location services. Location history could be stored on the device or cloud accounts associated with the device or apps. Keeping location history could violate a survivor’s privacy or become a safety issue if the anti-violence worker met with them. Employees might also be targeted by a perpetrator and so should have their real-time location information protected as well.

Recommendations

• Only download apps that are necessary for work.
• Phone location should not be stored in the history of the device and should be turned off or set to a less accurate setting if not needed by the anti-violence worker.
• When using location services for apps such as maps or navigation, the location history should not be stored. If this is not possible, it should be deleted regularly.
• Specific locations such as home, survivor meeting places, or work sites should not be saved to the app or phone.
• Turn off “geotagging” in camera apps, which will prevent the storing of location information in digital photos or videos.
• Do not download apps from outside the official app stores. External apps could make the device more vulnerable to malware or spyware. Android phones have security settings that limit the device’s ability to download and install apps from “unknown sources.”

Some phone systems offer the ability to receive an audio recording or a transcript of the voicemail in an email or text message. This creates a risk of interception or inappropriate access if the email or text is delivered to the mobile phone.

Recommendations

• Avoid automatically forwarding office voicemail to a mobile phone.
• If voicemails are forwarded, delete audio recordings, emails, and text messages of survivor’s voicemail messages as soon as possible.
• Use a secure passcode for voicemail on a mobile phone.

Texting and messaging are other ways organizations can connect with survivors. Messaging can increase access for some participants, keep participants engaged, and can be used to relay information when a participant is not able to talk on the phone. Communicating via chat is more secure when done through a web-based chat tool rather than via a mobile phone.

Recommendation

• Delete messages as soon as possible from all devices as well as cloud accounts where messages could be stored.
• Do not store the survivor’s contact information on the mobile phone.

Depending on the employee’s job responsibilities, they may need to access email while out of the office. Access to work email from a smartphone could create security risks as generally, public Wi-Fi networks are insecure and vulnerable to hacking or interception of information. Networks that have no password, or have passwords that are publicly posted, are insecure networks. If access to email on a smartphone is necessary, ensure that confidentiality policies and practices include email access via smartphones.

If staff need to access files from a phone (or another device such as a tablet or laptop) while away from the office, secure file sharing “cloud” services exist to help manage security. Look for “No-Knowledge” or “Zero-Knowledge” encryption options where the tech company itself cannot see the content of the files because they do not hold the encryption key – only the organization does. Also, choose a service that allows you to control user-by-user access to the files so you can add or revoke access at any time.

Another option is to use a VPN (Virtual Private Network) from a reputable provider, which will provide a strong layer of security for the data that staff is sending and accessing. Bear in mind that a VPN will not protect the data from access or monitoring while the data is on the phone, but will increase data security while it is in transit.

Minimize the amount of information saved on the phone. Organization policies should include deleting information regularly, in most cases as soon as allowable under the organization’s privacy policies.

Recommendations

• Do not save survivor contact information on a mobile phone.
• All incoming and outgoing calls and texts should be purged according to the organization’s privacy policies.
• If the phone has both internal memory and a memory card, save to only one and regularly delete from that at the appropriate time. Saving to a memory card offers greater protection since a memory card can be removed and then destroyed at the appropriate time.
• Before recycling a phone or updating the phone to give to a new employee, reset the phone to factory settings to clear any data that is on the phone and does not need to be stored per the organization’s privacy policies.

If the calendar on the phone includes appointments with survivors, schedule meetings in a way that reduces the likelihood of being identifiable. Some calendar organizations allow users to create multiple calendars. Consider creating a calendar for appointments only, which can be synced to the phone and then deleted when no longer needed.

Smartphones, and the apps installed on them, have the ability to have more than one account configured to it. Staff should not have personal accounts configured to a work phone. Having a personal account on the phone could lead to accidentally mixing survivor information with personal information or accounts.

While the Office of the Privacy Commissioner of Canada recommends that organizations offer organization-owned devices and accounts if they are delivering digital services, in situations when anti-violence workers use their personal mobile phones to communicate with survivors, it should be done with specific considerations given to privacy and security.

Recommendations

If anti-violence workers must use personal devices… (although it’s strongly recommended that organizations provide devices for the highest level of privacy and security):

• Anti-violence workers can keep their phone numbers private through organization-provided phone numbers using a VoIP (internet phone) app, a dialer app, a virtual number, or other means. If the organization is unable to pay for VoIP apps/phone numbers for workers, they can get a free VoIP number (Google Voice) through an organization-controlled Google account. It is very important that this Google Voice number be connected to an organization-owned, work-only Google account and not the worker’s personal Google account.
• In the past, anti-violence workers have tried to prevent their number from showing in the receiver’s Caller ID by blocking their caller ID either through settings on their phone or by dialling a code such as *67. However, these options are unreliable. In addition, this does nothing to keep survivors’ contact info out of the rest of the information stored on the anti-violence worker’s phone. Some new smartphones allow you to turn off the Caller ID through “Settings.”
• On Android devices that support it, anti-violence workers can have a managed work profile that separates personal and work data. The separate work profile does not come with a separate phone number, so organizations will need to provide a dialer app for workers to use.
• iOS does not support profiles in the same way, but there are services such as Microsoft Intune that allow organizations that use other company services (in Microsoft’s case that would be Outlook, Teams, etc.) to create a managed work profile within an Android, iOS, Windows, or Mac device. Always review what implications a service could have for privacy.
• Call logs and text message logs related to communication with survivors should be deleted immediately from the anti-violence worker’s phone and accounts. Survivors’ contact information should not be saved in the phone or the anti-violence worker’s account.
• Organizations should also consider having an organizational Mobile Phone User Agreement that includes basic privacy and security practices for employees.

To support your development of safe tech use policies, WSC has developed a Use of Technology Policy Template Guide for Women’s Shelters and Transition Houses (PDF, in English only).

Technology-Facilitated Gender-Based Violence (TFGBV) is part of a continuum of violence that can be both online and in-person. If you or someone you know is experiencing TFGBV, you are not alone. You can use sheltersafe.ca to find a shelter/transition house near you to discuss options and create a safety plan. You don’t need to stay in a shelter to access free, confidential services and support.

Adapted for Canada with permission from NNEDV’s Safety Net project, based on their resource Mobile Advocacy: Privacy & Safety.